ITN instructorPPT Chapter11 final

Chapter 1111.0 Introduction 11.1 Create and Grow 11.2 Keeping the Network Safe 11.3 Basic Network Performance 11.4 Managing IOS Configuration Files 11.5 Integrated Routing Services 11.6

Trang 1

Chapter 11: It’s a

Network

Introduction to Networking

Trang 2

Chapter 11

11.0 Introduction

11.1 Create and Grow

11.2 Keeping the Network Safe

11.3 Basic Network Performance

11.4 Managing IOS Configuration Files

11.5 Integrated Routing Services

11.6 Summary

Trang 3

Chapter 11: Objectives

Upon completion of this chapter, you will be able to:

 Identify the devices and protocols used in a small network

 Explain how a small network serves as the basis of larger

networks

 Describe the need for basic security measures on network

devices

 Identify security vulnerabilities and general mitigation techniques

 Configure network devices with device hardening features to

mitigate security threats

 Use the output of ping and tracert commands to establish

relative network performance

 Use basic show commands to verify the configuration and status

of a device interface

Trang 4

Chapter 11: Objectives (Cont.)

 Use the basic host and IOS commands to acquire information

about the devices in a network

 Explain the file systems on Routers and Switches

 Apply the commands to back up and restore an IOS configuration

file

Trang 5

11.1 Create and Grow

Trang 6

Devices in a Small Network

Small Network Topologies

Typical Small Network Topology

Trang 7

Device Selection for a Small Network

Factors to be considered when selecting intermediate devices.

Trang 8

IP Addressing for a Small Network

 IP addressing scheme should be planned, documented and

maintained based on the type of devices receiving the address

 Examples of devices that will be part of the IP design:

• End devices for users

• Servers and peripherals

• Hosts that are accessible from the Internet

• Intermediary devices

 Planned IP schemes help the administrator:

• Track devices and troubleshoot

• Control access to resources

Trang 9

Redundancy in a Small Network

Trang 10

Design Considerations for a Small Network

 The following should be

included in the network

design:

• Secure file and mail

servers in a centralized location

• Protect the location

by physical and logical security measures

• Create redundancy

in the server farm

• Configure redundant

Trang 11

Protocols in a Small Network

Common Applications in a Small Network

Network-Aware Applications – Software programs that are used to

communicate over the network.

Application Layer Services – Programs that interface with the

network and prepare the data for transfer

Trang 12

Common Protocols in a Small Network

 How messages are

sent and the

Trang 13

Real-Time Applications for a Small Network

Real-time applications require planning and dedicated services to

ensure priority delivery of voice and video traffic

 Infrastructure – Needs to be evaluated to ensure it will support

proposed real time applications

 VoIP – Is implemented in organizations that still use traditional

telephones

 IP telephony – The IP phone itself performs voice-to-IP

conversion.

 Real-time Video Protocols – Use Time Transport Protocol (RTP)

and Real-Time Transport Control Protocol (RTCP)

Trang 14

Growing to Larger Networks

Scaling a Small Network

Important considerations when growing to a larger network:

 Documentation –Physical and logical topology.

 Device inventory – List of devices that use or comprise the network.

 Budget – Itemized IT expense items, including the amount of money

allocated to equipment purchase for that fiscal year

 Traffic Analysis – Protocols, applications, and services and their

respective traffic requirements should be documented

Trang 15

Protocol Analysis of a Small Network

Information gathered by protocol analysis can be used to make

decisions on how to manage traffic more efficiently.

Trang 16

Evolving Protocol Requirements

Trang 17

11.2 Keeping the Network

Safe

Trang 18

Network Device Security Measures

Threats to Network Security

Categories of Threats to Network Security

Trang 19

Physical Security

Four classes of physical threats are:

 Hardware threats – Physical damage to servers, routers,

switches, cabling plant, and workstations

 Environmental threats – Temperature extremes (too hot or too

cold) or humidity extremes (too wet or too dry)

 Electrical threats – Voltage spikes, insufficient supply voltage

(brownouts), unconditioned power (noise), and total power loss

 Maintenance threats – Poor handling of key electrical

components (electrostatic discharge), lack of critical spare parts,

poor cabling, and poor labeling

Trang 20

Types of Security Vulnerabilities

Trang 21

Vulnerabilities and Network Attacks

Viruses, Worms and Trojan Horses

 Virus – Malicious software that is attached to another program to

execute a particular unwanted function on a workstation

 Trojan horse – An entire application written to look like something

else, when in fact it is an attack tool

 Worms – Worms are self-contained programs that attack a system

and try to exploit a specific vulnerability in the target The worm

copies its program from the attacking host to the newly exploited

system to begin the cycle again

Trang 22

Reconnaissance Attacks

Trang 23

Access Attacks

Trang 24

Access Attacks (Cont.)

Trang 25

Denial of Service Attacks (DoS)

Trang 26

Mitigating Network Attacks

Backup, Upgrade, Update, and Patch

 Keep current with

the latest versions

of antivirus

software

 Install updated

security patches

Antivirus software can detect most viruses and many Trojan horse

applications and prevent them from spreading in the network

Trang 27

Authentication, Authorization, and AccountingAuthentication, Authorization, and Accounting (AAA, or “triple A”)

 Authentication – Users and administrators must prove their identity

Authentication can be established using username and password

combinations, challenge and response questions, token cards, and

other methods

 Authorization – Determines which resources the user can access

and the operations that the user is allowed to perform

 Accounting – Records what the user accessed, the amount of time

the resource is accessed, and any changes made

Trang 28

Trang 29

 Policies often include

the use of anti-virus

software and host

intrusion prevention

Common Endpoint Devices

Trang 30

Securing Devices

Introduction to Securing Devices

 Part of network security is securing devices, including end devices

and intermediate devices

 Default usernames and passwords should be changed

immediately

 Access to system resources should be restricted to only the

individuals that are authorized to use those resources

 Any unnecessary services and applications should be turned off

and uninstalled, when possible

 Update with security patches as they become available

Trang 31

Passwords

Weak and Strong Passwords

Trang 33

Enable SSH

Trang 34

11.3 Basic Network

Performance

Trang 35

Trang 36

Leveraging Extended Ping

The Cisco IOS offers an "extended" mode of the ping command:

• Extended commands [n]: y

• Source address or interface: 10.1.1.1

• Type of service [0]:

Trang 37

Ping

Network Baseline

Baseline with ping

Trang 38

Network Baseline (Cont.)

Trang 39

Tracert

Interpreting Tracert Messages

Trang 40

Show Commands

Common Show Commands Revisited

The status of nearly every process or function of the router can be

displayed using a show command.

Frequently used show commands:

Trang 41

Show Commands

Viewing Router Settings With Show Version

Cisco IOS Version System Bootstrap Cisco IOS Image CPU and RAM

Configuration Register

Number and Type of Physical Interfaces Amount of NVRAM Amount of Flash

Trang 42

Show Commands

Viewing Switch Settings With Show Version

show version Command

Trang 43

Host and IOS Commands

ipconfig Command Options

Trang 44

arp Command Options

Trang 45

show cdp neighbors Command Options

show cdp neighbors command provides information about each

directly connected CDP neighbor device

Trang 46

Using show ip interface brief Command

show ip interface brief command-used to verify the status

of all network interfaces on a router or a switch

Trang 47

11.4 Managing IOS

Configuration Files

Trang 48

Router and Switch File Systems

Router File Systems

show file systems command – Lists all of the available file

systems on a Cisco 1941 route

The asterisk (*) indicates this is the current default file system

Trang 49

Router and Switch File Systems

Switch File Systems

show file systems command – Lists all of the available file

systems on a Catalyst 2960 switch

Trang 50

Backup and Restore Configuration Files

Backup and Restore Using Text Files

Saving to a Text File in Tera Term

Trang 51

Backup and Restore Using TFTP

 Configuration files can be stored on a Trivial File Transfer Protocol

Trang 52

Using USB Interfaces on a Cisco Router

 USB flash drive must be formatted in a FAT16 format

 Can hold multiple copies of the Cisco IOS and multiple router

configurations

 Allows administrator to easily move configurations from router to

router

Trang 53

Backup and Restore Using USB

Backup to USB Drive

Trang 54

11.5 Integrated Routing

Services

Trang 55

Integrated Router

Multi-function Device

 Incorporates a switch, router, and wireless access point

 Provides routing, switching and wireless connectivity

 Linksys wireless routers, are simple in design and used in home

networks

Cisco Integrated Services Router (ISR) product family offers a wide

range of products, designed for small office to larger networks.

Trang 56

Wireless Capability

 Wireless Mode – Most integrated wireless routers support 802.11b,

802.11g and 802.11n

 Service Set Identifier (SSID) – Case-sensitive, alpha-numeric name

for your home wireless network

 Wireless Channel – RF spectrum can be divided up into channels.

Linksys Wireless Settings

Trang 57

Basic Security of Wireless

 Change default values

 Disable SSID broadcasting

 Configure Encryption using WEP or WPA

 Wired Equivalency Protocol (WEP) - Uses pre-configured

keys to encrypt and decrypt data Every wireless device

allowed to access the network must have the same WEP key

entered

 Wi-Fi Protected Access (WPA) – Also uses encryption keys

from 64 bits up to 256 bits New keys are generated each time

a connection is established with the AP; therefore, more

secure

Trang 58

Configuring the Integrated Router

Step 1 - Access the router by cabling a computer to one of the router’s

LAN Ethernet ports

Step 2 - The connecting device will automatically obtain IP addressing

information from Integrated Router

Step 3 - Change default username and password and the default Linksys

IP address for security purposes

Initial Access to the Router

Trang 59

Enabling Wireless

Step 1 - Configure the wireless mode

Step 2 - Configure the SSID

Step 3 - Configure RF channel

Step 4 - Configure any desired security encryption

Trang 60

Configure a Wireless Client

 The wireless client

 Wireless client software

can be integrated into the

device operating system

or stand alone,

downloadable, wireless

Trang 61

11.6 Summary

Trang 62

Chapter 11: Summary

In this chapter, you learned:

 Good network design incorporates reliability, scalability, and

availability

 Networks must be secured from viruses, Trojan horses, worms and

network attacks

 The importance of documenting Basic Network Performance

 How to test network connectivity using ping and traceroute.

 How to use IOS commands to monitor and view information about

the network and network devices

 How to backup configuration files using TFTP or USB

 Home networks and small business often use integrated routers,

which provide the functions of a switch, router and wireless access

Trang 63

Định dạng
Số trang	63
Dung lượng	9,43 MB